Skip to content

Commit

Permalink
Update to Drupal 7.73. For more information, see https://www.drupal.o…
Browse files Browse the repository at this point in the history
  • Loading branch information
Pantheon Automation authored and greg-1-anderson committed Sep 16, 2020
1 parent d859257 commit 8a897a1
Show file tree
Hide file tree
Showing 5 changed files with 27 additions and 3 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.txt
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
Drupal 7.73, 2020-09-16
-----------------------
- Fixed security issues:
- SA-CORE-2020-007

Drupal 7.72, 2020-06-17
-----------------------
- Fixed security issues:
Expand Down
2 changes: 1 addition & 1 deletion includes/bootstrap.inc
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.72');
define('VERSION', '7.73');

/**
* Core API compatibility.
Expand Down
3 changes: 2 additions & 1 deletion misc/ajax.js
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ Drupal.ajax = function (base, element, element_settings) {
// The 'this' variable will not persist inside of the options object.
var ajax = this;
ajax.options = {
url: ajax.url,
url: Drupal.sanitizeAjaxUrl(ajax.url),
data: ajax.submit,
beforeSerialize: function (element_settings, options) {
return ajax.beforeSerialize(element_settings, options);
Expand Down Expand Up @@ -195,6 +195,7 @@ Drupal.ajax = function (base, element, element_settings) {
}
},
dataType: 'json',
jsonp: false,
type: 'POST'
};

Expand Down
3 changes: 2 additions & 1 deletion misc/autocomplete.js
Original file line number Diff line number Diff line change
Expand Up @@ -297,8 +297,9 @@ Drupal.ACDB.prototype.search = function (searchString) {
// encodeURIComponent to allow autocomplete search terms to contain slashes.
$.ajax({
type: 'GET',
url: db.uri + '/' + Drupal.encodePath(searchString),
url: Drupal.sanitizeAjaxUrl(db.uri + '/' + Drupal.encodePath(searchString)),
dataType: 'json',
jsonp: false,
success: function (matches) {
if (typeof matches.status == 'undefined' || matches.status != 0) {
db.cache[searchString] = matches;
Expand Down
17 changes: 17 additions & 0 deletions misc/drupal.js
Original file line number Diff line number Diff line change
Expand Up @@ -424,6 +424,23 @@ Drupal.urlIsLocal = function (url) {
return absoluteUrl === baseUrl || absoluteUrl.indexOf(baseUrl + '/') === 0;
};

/**
* Sanitizes a URL for use with jQuery.ajax().
*
* @param url
* The URL string to be sanitized.
*
* @return
* The sanitized URL.
*/
Drupal.sanitizeAjaxUrl = function (url) {
var regex = /\=\?(&|$)/;
while (url.match(regex)) {
url = url.replace(regex, '');
}
return url;
}

/**
* Generate the themed representation of a Drupal object.
*
Expand Down

0 comments on commit 8a897a1

Please sign in to comment.